openspec-archive
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via the processing of external data.
  - Ingestion points: The skill reads delta specification files from the `openspec/changes/` directory into the agent's context.
  - Boundary markers: No specific delimiters or instructions for the agent to ignore instructions embedded within the processed spec files are mentioned.
  - Capability inventory: Performs file merge operations into `openspec/specs/` and moves directories to `openspec/changes/archive/`.
  - Sanitization: Lacks explicit content validation or sanitization of spec file content before merging data into the project's source of truth.
Audit Metadata